statisticsnorway · RupinderKaurSSB · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024
diff --git a/poetry.lock b/poetry.lock
diff --git a/src/dapla/auth.py b/src/dapla/auth.py
@@ -80,6 +80,12 @@ def _get_current_dapla_metadata() -> (
 
         return env, service, region
 
+    @staticmethod
+    def get_dapla_region() -> Optional[DaplaRegion]:
+        """Checks if the current Dapla Region is Dapla Lab."""
+        env, service, region = AuthClient._get_current_dapla_metadata()
+        return region
+
     @staticmethod
     def _refresh_handler(
         request: google.auth.transport.Request,
@@ -302,13 +308,40 @@ def fetch_google_credentials(force_token_exchange: bool = False) -> Credentials:
 
     @staticmethod
     def fetch_personal_token() -> str:
-        """Fetches the personal access token for the current user."""
-        try:
-            personal_token = AuthClient.fetch_local_user_from_jupyter()["access_token"]
-            return t.cast(str, personal_token)
-        except AuthError as err:
-            err._print_warning()
-            raise err
+        """If Dapla Region is Dapla Lab, retrieve the OIDC token/Keycloak token from the environment.
+
+        Returns:
+            str: The OIDC token.
+
+        Raises:
+            MissingConfigurationException: If the OIDC_TOKEN environment variable is missing or is not set.
+
+        If Dapla Region is BIP, retrieve the Keycloak token jupyterhub.
+
+        Returns:
+            str: personal/keycloak token.
+
+        Raises:
+            AuthError: Handles AuthError.
+        """
+        env, service, region = AuthClient._get_current_dapla_metadata()
+        if region == DaplaRegion.DAPLA_LAB:
+            logger.debug("Auth - Dapla Lab detected, using OIDC_TOKEN")
+            keycloak_token = os.getenv("OIDC_TOKEN")
+            if not keycloak_token:
+                raise MissingConfigurationException("OIDC_TOKEN")
+            else:
+                return keycloak_token
+        else:
+            logger.debug("Auth - BIP detected, using jupyterhub personal token")
+            try:
+                personal_token = AuthClient.fetch_local_user_from_jupyter()[
+                    "access_token"
+                ]
+                return t.cast(str, personal_token)
+            except AuthError as err:
+                err._print_warning()
+                raise err
 
     @staticmethod
     @lru_cache(maxsize=1)
@@ -336,3 +369,22 @@ def _print_warning(self) -> None:
                 )
             )
         )
+
+
+class MissingConfigurationException(Exception):
+    """Exception raised when a required environment variable or configuration is missing."""
+
+    def __init__(self, variable_name: str) -> None:
+        """Initializes a new instance of the MissingConfigurationException class.
+
+        Args:
+        variable_name (str): The name of the missing environment variable or configuration.
+        message (str): The error message to be displayed. Defaults to an empty string.
+        """
+        self.variable_name = variable_name
+        self.message = f"Missing required environment variable: {variable_name}"
+        super().__init__(self.message)
+
+    def __str__(self) -> str:
+        """Returns a string representation of the exception."""
+        return f"Configuration error: {self.message}"
diff --git a/src/dapla/doctor.py b/src/dapla/doctor.py
@@ -8,6 +8,7 @@
 from gcsfs.retry import HttpError
 
 from dapla.auth import AuthClient
+from dapla.auth import DaplaRegion
 
 logger = logging.getLogger(__name__)
 
@@ -21,14 +22,23 @@ class Doctor:
 
     @staticmethod
     def jupyterhub_auth_valid() -> bool:
-        """Checks wheter user is logged in and authenticated to Jupyterhub."""
-        print("Checking authentication to JupyterHub...")
-        try:
-            # Attempt fetching the Jupyterhub user
-            AuthClient.fetch_local_user_from_jupyter()
-        except Exception:
-            return False
-        return True
+        """Checks whether user is logged in and authenticated to Jupyterhub or Dapla Lab."""
+        print("Checking dapla region")
+        if AuthClient.get_dapla_region() == DaplaRegion.DAPLA_LAB:
+            print("Checking authentication to Dapla Lab...")
+            try:
+                AuthClient.fetch_personal_token()
+            except Exception:
+                return False
+            return True
+        else:
+            print("Checking authentication to JupyterHub...")
+            try:
+                # Attempt fetching the Jupyterhub user
+                AuthClient.fetch_local_user_from_jupyter()
+            except Exception:
+                return False
+            return True
 
     @staticmethod
     def keycloak_token_valid() -> bool:

diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -11,15 +11,39 @@
 import dapla
 from dapla.auth import AuthClient
 from dapla.auth import AuthError
+from dapla.auth import MissingConfigurationException
 
 auth_endpoint_url = "https://mock-auth.no/user"
 
 
 @mock.patch.dict(
-    "dapla.auth.os.environ", {"LOCAL_USER_PATH": auth_endpoint_url}, clear=True
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "DAPLA_LAB",
+        "OIDC_TOKEN": "dummy_token",
+    },
+    clear=True,
 )
 @responses.activate
-def test_fetch_personal_token() -> None:
+def test_fetch_personal_token_for_dapla_lab() -> None:
+    client = AuthClient()
+    token = client.fetch_personal_token()
+
+    assert token == "dummy_token"
+
+
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "BIP",
+        "LOCAL_USER_PATH": auth_endpoint_url,
+    },
+    clear=True,
+)
+@responses.activate
+def test_fetch_personal_token_for_jupyterhub() -> None:
     mock_response = {
         "access_token": "fake_access_token",
     }
@@ -37,7 +61,7 @@ def test_fetch_personal_token() -> None:
 )
 @mock.patch("dapla.auth.display")
 @responses.activate
-def test_fetch_personal_token_error(mock_display: Mock) -> None:
+def test_fetch_personal_token_error_on_jupyterhub(mock_display: Mock) -> None:
     mock_response = {
         "message": "There was an error",
     }
@@ -49,6 +73,21 @@ def test_fetch_personal_token_error(mock_display: Mock) -> None:
     mock_display.assert_called_once()
 
 
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {"DAPLA_SERVICE": "JUPYTERLAB", "DAPLA_REGION": "DAPLA_LAB", "OIDC_TOKEN": ""},
+    clear=True,
+)
+@responses.activate
+def test_fetch_personal_token_error_on_dapla_lab() -> None:
+    with pytest.raises(MissingConfigurationException) as exception:
+        AuthClient().fetch_personal_token()
+    assert (
+        str(exception.value)
+        == "Configuration error: Missing required environment variable: OIDC_TOKEN"
+    )
+
+
 @mock.patch.dict(
     "dapla.auth.os.environ",
     {"OIDC_TOKEN_EXCHANGE_URL": auth_endpoint_url, "OIDC_TOKEN": "dummy_token"},

diff --git a/tests/test_converter.py b/tests/test_converter.py
@@ -1,11 +1,12 @@
 import json
 from unittest import mock
-from unittest.mock import Mock
 
 import responses
 
 from dapla.converter import ConverterClient
 
+auth_endpoint_url = "https://mock-auth.no/user"
+
 converter_test_url = "https://mock-converter.no"
 fake_token = "1234567890"
 
@@ -109,10 +110,17 @@
 """
 
 
-@mock.patch("dapla.auth.AuthClient")
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "DAPLA_LAB",
+        "OIDC_TOKEN": "dummy_token",
+    },
+    clear=True,
+)
 @responses.activate
-def test_converter_start_200_response(auth_client_mock: Mock) -> None:
-    auth_client_mock.fetch_personal_token.return_value = fake_token
+def test_converter_start_200_response_on_dapla_lab() -> None:
     job_config: dict[str, str] = {}
     responses.add(
         responses.POST,
@@ -127,10 +135,53 @@ def test_converter_start_200_response(auth_client_mock: Mock) -> None:
     assert json_str["jobId"] == json.loads(sample_response_start_job)["jobId"]
 
 
-@mock.patch("dapla.auth.AuthClient")
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "BIP",
+        "LOCAL_USER_PATH": auth_endpoint_url,
+    },
+    clear=True,
+)
 @responses.activate
-def test_converter_start_simulation_200_response(auth_client_mock: Mock) -> None:
-    auth_client_mock.fetch_personal_token.return_value = fake_token
+def test_converter_start_200_response_on_jupyterhub() -> None:
+    mock_response = {
+        "access_token": "fake_access_token",
+    }
+    responses.add(responses.GET, auth_endpoint_url, json=mock_response, status=200)
+
+    job_config: dict[str, str] = {}
+
+    responses.add(
+        responses.POST,
+        "https://mock-converter.no/jobs",
+        json=sample_response_start_job,
+        status=200,
+    )
+    client = ConverterClient(converter_test_url)
+    response = client.start(job_config)
+    json_str = json.loads(response.json())
+
+    assert json_str["jobId"] == json.loads(sample_response_start_job)["jobId"]
+
+
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "BIP",
+        "LOCAL_USER_PATH": auth_endpoint_url,
+    },
+    clear=True,
+)
+@responses.activate
+def test_converter_start_simulation_200_response() -> None:
+    mock_response = {
+        "access_token": "fake_access_token",
+    }
+    responses.add(responses.GET, auth_endpoint_url, json=mock_response, status=200)
+
     job_config: dict[str, str] = {}
     responses.add(
         responses.POST,
@@ -145,10 +196,21 @@ def test_converter_start_simulation_200_response(auth_client_mock: Mock) -> None
     assert json_str["jobId"] == json.loads(sample_response_start_job)["jobId"]
 
 
-@mock.patch("dapla.auth.AuthClient")
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "BIP",
+        "LOCAL_USER_PATH": auth_endpoint_url,
+    },
+    clear=True,
+)
 @responses.activate
-def test_converter_get_job_summary_200_response(auth_client_mock: Mock) -> None:
-    auth_client_mock.fetch_personal_token.return_value = fake_token
+def test_converter_get_job_summary_200_response() -> None:
+    mock_response = {
+        "access_token": "fake_access_token",
+    }
+    responses.add(responses.GET, auth_endpoint_url, json=mock_response, status=200)
     responses.add(
         responses.GET,
         "https://mock-converter.no/jobs/01FZWP8R3PHDYD5QQS4CY1RKBW/execution-summary",
@@ -161,10 +223,21 @@ def test_converter_get_job_summary_200_response(auth_client_mock: Mock) -> None:
     assert json.loads(response.json()) == json.loads(sample_response_get_job_summary)
 
 
-@mock.patch("dapla.auth.AuthClient")
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "BIP",
+        "LOCAL_USER_PATH": auth_endpoint_url,
+    },
+    clear=True,
+)
 @responses.activate
-def test_converter_stop_job_200_response(auth_client_mock: Mock) -> None:
-    auth_client_mock.fetch_personal_token.return_value = fake_token
+def test_converter_stop_job_200_response() -> None:
+    mock_response = {
+        "access_token": "fake_access_token",
+    }
+    responses.add(responses.GET, auth_endpoint_url, json=mock_response, status=200)
     responses.add(
         responses.POST,
         "https://mock-converter.no/jobs/01FZWP8R3PHDYD5QQS4CY1RKBW/stop",
@@ -177,10 +250,21 @@ def test_converter_stop_job_200_response(auth_client_mock: Mock) -> None:
     assert response.status_code == 200
 
 
-@mock.patch("dapla.auth.AuthClient")
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "BIP",
+        "LOCAL_USER_PATH": auth_endpoint_url,
+    },
+    clear=True,
+)
 @responses.activate
-def test_converter_get_pseudo_report_200_response(auth_client_mock: Mock) -> None:
-    auth_client_mock.fetch_personal_token.return_value = fake_token
+def test_converter_get_pseudo_report_200_response() -> None:
+    mock_response = {
+        "access_token": "fake_access_token",
+    }
+    responses.add(responses.GET, auth_endpoint_url, json=mock_response, status=200)
     responses.add(
         responses.GET,
         "https://mock-converter.no/jobs/01FZWP8R3PHDYD5QQS4CY1RKBW/reports/pseudo",
@@ -193,10 +277,21 @@ def test_converter_get_pseudo_report_200_response(auth_client_mock: Mock) -> Non
     assert json.loads(response.json()) == json.loads(sample_response_pseudo_report)
 
 
-@mock.patch("dapla.auth.AuthClient")
+@mock.patch.dict(
+    "dapla.auth.os.environ",
+    {
+        "DAPLA_SERVICE": "JUPYTERLAB",
+        "DAPLA_REGION": "BIP",
+        "LOCAL_USER_PATH": auth_endpoint_url,
+    },
+    clear=True,
+)
 @responses.activate
-def test_converter_get_pseudo_schema_200_response(auth_client_mock: Mock) -> None:
-    auth_client_mock.fetch_personal_token.return_value = fake_token
+def test_converter_get_pseudo_schema_200_response() -> None:
+    mock_response = {
+        "access_token": "fake_access_token",
+    }
+    responses.add(responses.GET, auth_endpoint_url, json=mock_response, status=200)
     responses.add(
         responses.GET,
         "https://mock-converter.no/jobs/01FZWP8R3PHDYD5QQS4CY1RKBW/reports/pseudo-schema-hierarchy",